*/
require_once ("domframework/csrf.php");
/** This class permit to create easily some forms to HTML (or text mode in
* future).
* Each field can be checked in AJAX or HTML. */
class form
{
/** All the fields */
private $fields = NULL;
/** The name of the form */
private $formName;
/** Allow to debug the PHP */
public $debug=0;
/** CSRF protection
* By default, the CSRF protection is active if a SESSION is active too.
* It can be disabled if needed. An Exception is raised if the form is send
* back without the token */
public $csrf=TRUE;
/** Name of the CSRF hidden field in HTML page */
public $csrfField = "CSRF_TOKEN";
/** The CSRF token value */
private $csrfToken = "";
/** The method used to send the values */
private $method = "post";
/** The Bootstrap width of the column of titles */
public $titlewidth = 2;
/** The Bootstrap width of the column of fields */
public $fieldwidth = 10;
/** Define a class for form object */
public $formClass = "form-horizontal";
/** The logging callable method */
private $loggingCallable = null;
/** The logging basemsg */
private $loggingBasemsg = "";
/** Create a form
* @param string|null $formName The form name
*/
public function __construct ($formName = "form")
{
$this->formName = $formName;
}
// The setters of the properties
// {{{
/** Set the debug level
* @param integer $val The debug value
*/
public function debug ($val)
{
$this->debug = $val;
return $this;
}
/** Set the csrf enable
* @param integer $val The csrf check
*/
public function csrf ($val)
{
$this->csrf = !! $val;
return $this;
}
/** Set the csrf token name
* @param integer $val The csrf token name
*/
public function csrfField ($val)
{
$this->csrfField = $val;
return $this;
}
/** Set the titlewidth
* @param integer $val The titlewidth
*/
public function titlewidth ($val)
{
$this->titlewidth = $val;
return $this;
}
/** Set the fieldwidth
* @param integer $val The fieldwidth
*/
public function fieldwidth ($val)
{
$this->fieldwidth = $val;
return $this;
}
/** Set the formClass
* @param integer $val The formClass
*/
public function formClass ($val)
{
$this->formClass = $val;
return $this;
}
/** Set logging class an method
* @param callable $loggingCallable The callable function. This method will
* receive two params : the LOG level (LOG_ERROR...) and the message
* @param string|null $basemsg The basemsg added at the beginning of the log
*/
public function logging ($loggingCallable, $loggingBasemsg = "")
{
$this->loggingCallable = $loggingCallable;
$this->loggingBasemsg = $loggingBasemsg;
}
// }}}
/** The private method to log if the $this->loggingCallable is defined
*/
private function loggingCallable ($prio, $msg)
{
if (! is_callable ($this->loggingCallable))
return;
$base = "";
if ($this->loggingBasemsg !== "")
$base = $this->loggingBasemsg. " ";
call_user_func ($this->loggingCallable, $prio, $base.$msg);
}
/** Save the array of fields into the structure.
* Available :
* - name : name of the field in the HTML page
* - label : label written to the describe the field
* - [titles] : text written in radio/checkboxes
* - [defaults] : default values. Must be array for checkbox/select, and
* string for others
* - [type] : text, password, hidden, checkbox, select, radio, submit,
* textarea
* text by default
* - [help] : The Help message (written below the field). Overwrited in
* case of error
* - [multiple] : Multiple selection are possible (if the type supports it)
* - [group] : define a fieldset and define the title with groupe name
* Warning : all the elements of the same group must be
* consecutive !
* - [readonly] : put a read-only flag on the field (the user see it but
* can't interract on it. The value will be sent to next
* page
* - [mandatory] : boolean to add a red star at end of label
* - [hidden] : hide the field (add a style='display:hidden' to the field)
* - [maxlength] : the maximum length of the content of the field in chars
* - [rows] : Number of rows
* - [cols] : Number of columns
* - [placeholder] : The text to be displayed in the placeholder
*
* @param array $fields The fields to be displayed
*/
public function fields ($fields)
{
$this->fields = $fields;
}
/** Add a field to the form. For the details of a field, see the description
* in fields method
* @param object $field The field to add
*/
public function addfield ($field)
{
$this->fields[] = $field;
}
/** Return the values provided by the user. Test the CSRF before continue
* NEVER read the values from $_POST in your codes or CSRF will not be
* checked */
public function values ()
{
$values = array ();
if ($this->method === "post")
{
if (isset ($_POST[$this->formName]))
$values = $_POST[$this->formName];
}
elseif ($this->method === "get")
{
if (isset ($_GET[$this->formName]))
$values = $_GET[$this->formName];
}
else
{
$this->loggingCallable (LOG_ERR,
"Unknown FORM method (GET or POST allowed)");
throw new Exception (dgettext("domframework",
"Unknown FORM method (GET or POST allowed)"));
}
if (count ($values) !== 0)
{
// CSRF protection
try
{
$this->checkToken ($values[$this->csrfField]);
}
catch (Exception $e)
{
$this->loggingCallable (LOG_ERR, $e->getMessage ());
throw new Exception (dgettext("domframework",
"Can not read the data from the form : ".
"Expired or missing CSRF Token"), 500);
}
// Remove the field CSRF : can not be used outside the form
unset ($values[$this->csrfField]);
}
if (isset ($_SESSION["domframework"]["form"][$this->formName]["fields"]))
{
foreach ($_SESSION["domframework"]["form"][$this->formName]["fields"] as
$field)
{
if ($field->type === "hidden" ||
($field->readonly !== null && $field->readonly !== false))
{
if (isset ($field->values))
$values[$field->name] = $field->values;
elseif (isset ($field->defaults))
$values[$field->name] = $field->defaults;
}
}
}
return $values;
}
/** Return the fields in HTML code. If $values is provided, use it in place
* of default values. In case of select boxes, $values are the selected
* elements
* $method is the method written in method field of \n";
return $res;
}
/** Check the token from the user
* @param string $tokenFromUser The value form the user's token */
public function checkToken ($tokenFromUser)
{
$csrf = new csrf ();
$csrf->field = $this->csrfField;
$csrf->checkToken ($tokenFromUser);
}
/** Return the token generated in form */
public function getToken ()
{
if ($this->csrfToken === "")
$this->createToken ();
return $this->csrfToken;
}
/** Check if the parameters are correct with the defined fields
* Need the session !
* @param array $values The values to check
* @param array|null $fields The fields definition (or use the session
* stored one if the value is null)
* @return array containing the errors
*/
public function verify ($values, $fields=array ())
{
if (count ($fields) === 0)
{
if (! isset ($_SESSION["domframework"]["form"]["fields"]))
return array ();
$fields = $_SESSION["domframework"]["form"]["fields"];
}
$errors = array ();
foreach ($fields as $field)
{
if ($field->mandatory !== null &&
(! array_key_exists ($field->name, $values) ||
trim ($values[$field->name]) === ""))
$errors[$field->name] = _("Field mandatory and not provided");
}
return $errors;
}
/** If there is at least one error reported in $errors, save the old values
* and the errors in the session, and redirect to the provided url.
* If there is no error, do nothing
* @param array $values The values of the fields filled by the user
* @param array $errors The errors detected by a verify
* @param object $route the route object
* @param string|null $url The URL to redirect. If not provided, use the
* $route->requestURL () method to found the calling page
*
* Example :
$form = new \form ();
$form->logging (array ('\apps\general\controllers\logging', 'log'),
$authHTML["email"]);
$values = $form->values ();
$errors = $spaceObj->verify ($values);
$form->redirectIfError ($values, $errors, $route, "/admin/space/");
$spaceuuid = $spaceObj->spaceCreateConceal ($values["spacename"]);
$route->redirect ("/admin/space/");
*/
public function redirectIfError ($values, $errors, $route, $url = "")
{
$this->saveValuesErrors ($values, $errors);
if ($url === "")
$url = "/".$route->requestURL ();
if (count ($errors)) $route->redirect ($url);
$this->saveValuesErrorsReset ();
}
/** Save the values and errors to be displayed in the next page if the session
* is available
* Need the session to work
* @param array $values The values of the fields filled by the user
* @param array|null $errors The errors detected by a verify
*/
public function saveValuesErrors ($values, $errors=array ())
{
if (isset ($_SESSION))
{
$_SESSION["domframework"]["form"][$this->formName]["values"] = $values;
$_SESSION["domframework"]["form"][$this->formName]["errors"] = $errors;
}
}
/** Reset the saved values to provide a clean form next page
* Need the session to work
*/
public function saveValuesErrorsReset ()
{
unset ($_SESSION["domframework"]["form"][$this->formName]["values"]);
unset ($_SESSION["domframework"]["form"][$this->formName]["errors"]);
}
/** Get the stored values if there is one. If there is no stored values,
* return the values provided as parameter
* @param array $values The values returned if there is no stored values
* @return array The values to use
*/
public function getOldValues ($values)
{
if (isset ($_SESSION["domframework"]["form"][$this->formName]["values"]))
{
$values = $_SESSION["domframework"]["form"][$this->formName]["values"];
unset ($_SESSION["domframework"]["form"][$this->formName]["values"]);
}
return $values;
}
/** Get the stored errors if there is one. If there is no sorted errors,
* return the errors provided as parameter
* @param array $errors The values returned if there is no stored values
* @return array The errors to use
*/
public function getOldErrors ($errors)
{
if (isset ($_SESSION["domframework"]["form"][$this->formName]["errors"]))
{
$errors = $_SESSION["domframework"]["form"][$this->formName]["errors"];
unset ($_SESSION["domframework"]["form"][$this->formName]["errors"]);
}
return $errors;
}
/** Convert Date received in one format to another.
* If the provided string is not corresponding to the format, don't change
* anything.
* Format used http://php.net/manual/en/datetime.createfromformat.php
* @param string $inputDate The date to modify
* @param string $inputFormat The input format of the date
* @param string $outputFormat The output format of the date
* @return string
*/
public function convertDate ($inputDate, $inputFormat, $outputFormat)
{
$date = DateTime::CreateFromFormat ($inputFormat, $inputDate);
if ($date === false)
return $inputDate;
$errors = $date->getLastErrors();
if ($errors["warning_count"] > 0 || $errors["error_count"] > 0)
return $inputDate;
return $date->format ($outputFormat);
}
}
/** The definition of a formfield */
class formfield
{
/** The form name */
public $formName;
/** The name of the field */
public $name;
/** The label of the field */
public $label;
/** The titles of the field */
public $titles;
/** The defaults values of the field */
public $defaults;
/** The type of the field (text, password, checkbox, select)*/
public $type="text";
/** The state of the field : hidden or show */
public $hidden = false;
/** Allow a help message to be displayed below the field. In case of error,
* it is overrided by the error message */
public $help;
/** Display the placeholder if needed */
public $placeholder = false;
/** The multiplicity of selection of the field (available in select only)*/
public $multiple;
/** The name of group for the fields */
public $group;
/** The read-only feature of the field */
public $readonly;
/** The field is mandatory */
public $mandatory;
/** The statut of error of the field */
public $error;
/** Number of rows */
public $rows;
/** Number of columns */
public $cols;
/** The Bootstrap width of the column of titles */
public $titlewidth = 2;
/** The Bootstrap width of the column of fields */
public $fieldwidth = 10;
/** When adding a field, the name and the label are the minimum mandatory
* @param string $name Name of the field
* @param string|null $label Label of the field */
public function __construct ($name, $label = "")
{
$this->name = $name;
$this->label = $label;
}
/** Display really the form */
public function display ()
{
$func = "field".$this->type;
return $this->$func ();
}
// Setters for all the properties of the class
// {{{
/** Set the type of the field
* @param string $val The value of the type of the field
*/
public function type ($val)
{
$this->type = $val;
return $this;
}
/** Set the hidden of the field
* @param string $val The value of the hidden of the field
*/
public function hidden ($val)
{
$this->hidden = !! $val;
return $this;
}
/** Set the help of the field
* @param string $val The value of the help of the field
*/
public function help ($val)
{
$this->help = $val;
return $this;
}
/** Set the placeholder
* @param string $val The value of the placeholder
*/
public function placeholder ($val)
{
$this->placeholder = $val;
return $this;
}
/** Set the multiple
* @param string $val The value of the multiple
*/
public function multiple ($val)
{
$this->multiple = $val;
return $this;
}
/** Set the group
* @param string $val The value of the group
*/
public function group ($val)
{
$this->group = $val;
return $this;
}
/** Set the readonly
* @param string $val The value of the readonly
*/
public function readonly ($val)
{
$this->readonly = !! $val;
return $this;
}
/** Set the mandatory
* @param string $val The value of the mandatory
*/
public function mandatory ($val)
{
$this->mandatory = !! $val;
return $this;
}
/** Set the rows
* @param string $val The value of the rows
*/
public function rows ($val)
{
$this->rows = $val;
return $this;
}
/** Set the cols
* @param string $val The value of the cols
*/
public function cols ($val)
{
$this->cols = $val;
return $this;
}
// }}}
/** Return the checkbox defined */
public function fieldcheckbox ()
{
// No $this->multiple, $this->rows $this->cols $this->placeholder,
// $this->maxlength
$res = "";
$res .= "
\n"; // End form-group
return $res;
}
/** Return the radio field defined */
public function fieldradio ()
{
$res = "";
// No $this->multiple, $this->rows $this->cols $this->placeholder
// $this->maxlength
$res .= "
\n";
if (isset ($this->defaults) && is_array ($this->defaults))
{
if (isset ($this->readonly) && $this->readonly !== FALSE)
{
foreach ($this->defaults as $key=>$val)
{
$res .= " multiple) && $this->multiple !== FALSE)
{
$res .= " name='$this->formName"."[";
$res .= htmlspecialchars ($this->name, ENT_QUOTES)."][".
htmlspecialchars ($key, ENT_QUOTES)."]'";
}
else
{
$res .= " name='$this->formName"."[";
$res .= htmlspecialchars ($this->name, ENT_QUOTES)."]'";
}
$res .= " value='";
$res .= htmlspecialchars ($key, ENT_QUOTES)."'";
$res .= "/>\n";
}
}
$res .= " name, ENT_QUOTES)."]";
if (isset ($this->multiple) && $this->multiple !== FALSE)
$res .= "[]";
$res .= "'";
$res .= " id='$this->formName"."_";
$res .= htmlspecialchars ($this->name, ENT_QUOTES)."'";
if (isset ($this->multiple) && $this->multiple !== FALSE)
$res .= " multiple='multiple'";
if (isset ($this->readonly) && $this->readonly !== FALSE)
$res .= " disabled='disabled'";
if (isset ($this->hidden) && $this->hidden !== FALSE)
$res .= " style='display:none'";
$res .= " class='form-control'";
if (isset ($this->rows))
$res .= " size='".$this->rows."'";
if (isset ($this->errors) || isset ($this->help))
{
$res .= " aria-describedby='".$this->formName."_";
$res .= htmlspecialchars ($this->name, ENT_QUOTES)."_help'";
}
$res .= ">\n";
foreach ($this->defaults as $key=>$val)
{
if (! is_string ($val))
{
$this->loggingCallable (LOG_ERR,
"Value as defaut for $this->name::$key is not ".
"a string (".gettype ($val).")");
throw new \Exception ("Value as defaut for $this->name::$key is not ".
"a string (".gettype ($val).")");
}
$res .= " \n";
}
$res .= " \n";
if (isset ($this->errors) || isset ($this->help))
{
$res .= " ";
if (isset ($this->help))
$res .= "".$this->help."";
if (isset ($this->help) && isset ($this->errors))
$res .= " ";
if (isset ($this->errors)) $res .= $this->errors[1];
$res .= "\n";
}
}
else
{
$res .= dgettext("domframework", "No value provided");
}
$res .= "
\n"; // End controls
$res .= "
\n"; // End form-group
return $res;
}
/** Return the submit defined */
public function fieldsubmit ()
{
$res = "";
// No $this->label, $this->multiple, $this->error, $this->rows,
// $this->cols $this->placeholder $this->maxlength
$res .= "
\n";
$res .= "
\n";
$res .= " name, ENT_QUOTES)."]'";
$res .= " id='$this->formName"."_";
$res .= htmlspecialchars ($this->name, ENT_QUOTES)."'";
if (isset ($this->readonly) && $this->readonly !== FALSE)
$res .= " disabled='disabled'";
if (isset ($this->defaults))
$res .= " value='".htmlspecialchars ($this->defaults, ENT_QUOTES).
"'";
elseif (isset ($this->label))
$res .= " value='".htmlspecialchars ($this->label, ENT_QUOTES)."'";
$res .= " class='form-control btn-primary'";
if (isset ($this->hidden) && $this->hidden !== FALSE)
$res .= " style='display:none'";
// Block the submit button 10s. The user can not double click on it and
// submit two times the POST to the server
// Re-enable after 15s, if there is a problem with the server
// This code is needed by Chrome and Edge which allow multiple submission of
// a form
$res .= " onclick='submit=this ; ";
$res .= " setTimeout(function() {";
$res .= " submit.setAttribute(\"disabled\", \"disabled\");";
$res .= " }, 1);";
$res .= "'";
$res .= "/>\n";
$res .= "
\n";
$res .= "
\n";
return $res;
}
/** Return the textarea defined */
public function fieldtextarea ()
{
$res = "";
// No $this->multiple, $this->titles
$res .= "
\n"; // End form-group
return $res;
}
/** Return the text defined */
public function fieldtext ()
{
$res = "";
// No $this->multiple, $this->titles, $this->rows, $this->cols
$res .= "
\n"; // End form-group
return $res;
}
/** Return the file defined */
public function fieldfile ()
{
$res = "";
// No $this->multiple, $this->titles, $this->rows, $this->cols
$res .= "